tnich/honssh

tnich private contact

Closed this issue · 11 comments

Hi,

Would you be willing to help me via email, as I am facing an issue related to the concept which you have created?

-1 from me

Please could you share your concerns on this issue listing? Would be great to keep all conversation open so we can shape the project accordingly.

Of course. Can this concept be created via VMware, as the first Pi would be the first VMware image and the second Pi would become the second VMware image?

I would like to recreate this using VMware as I do not have Pis.

Of course, the script is completely platform independent, I myself run my honey pot within a libvirt virtual machine. My usual course of action is to install my favourite Linux distribution with the required developer tools pre-requisites, create a Python virtual env and then install honssh to the virtual env. I even made a hack to host the backend server in a docker container...

Let me know if you need any more info / how to guide.

Great! I am running Ubuntu 14.04 and have it running on 2 virtual images. Now I need to configure the network between both of the images to communicate appropriately, where:
image 1 ----- HonSSH
image 2 ----- honeypot
Now both of these would need to communicate.
Can you tell me how you have configured your network, step by step? It would be great if I could get this working.

Yep, so I would do the following:

  • 2 NICs on the HonSSH host
  • 1 NIC on the honeypot

Have two vswitches in VMWare, one bridged to the network you want to expose the honeypot on and another which is a private network between the honeypot and the HonSSH server.

Attach the NICs accordingly... Now you'll notice the honeypot has no internet access. This is a good thing, but it limits the info you can get from the honeypot, as you'll want to capture attackers' payloads. The easiest way to get around this is to install iptables with masquerading NAT on the HonSSH host; this gives the added benefit of being able to run a man in the middle on the attacker's outbound connections.

Remember, if you have a network which uses port forwarding and the HonSSH host sits on the internal network, the NAT outbound from the honeypot may allow the attacker to see your internal network, depending on firewalling / network design.
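Added example, not part of the thread or of the HonSSH project: a rule generator for the HonSSH host that pairs the masquerading NAT described above with egress filtering, so the honeypot can reach the internet but not private address ranges behind the host. The interface names (`eth0` exposed, `eth1` private), the subnet `192.168.56.0/24` and the function name are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit (not apply) NAT and egress-filter rules for the HonSSH host.
# Assumed names: eth0 = bridged/exposed NIC, eth1 = private NIC to the honeypot,
# 192.168.56.0/24 = private honeypot subnet. Adjust all three to your setup.

# Destinations the honeypot must never reach through the HonSSH host:
# RFC 1918 private ranges plus link-local.
BLOCKED_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

honeypot_nat_rules() {
    ext_if=$1; int_if=$2; hp_net=$3
    if [ -z "$ext_if" ] || [ -z "$int_if" ] || [ -z "$hp_net" ]; then
        echo "usage: honeypot_nat_rules EXT_IF INT_IF HONEYPOT_CIDR" >&2
        return 1
    fi
    if [ "$ext_if" = "$int_if" ]; then
        echo "error: exposed and private interfaces must differ" >&2
        return 1
    fi
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny forwarding; only the rules below open paths.
    echo "iptables -P FORWARD DROP"
    # Log, then drop, anything from the honeypot aimed at private ranges.
    # These must come before the ACCEPT rule so they match first.
    for net in $BLOCKED_NETS; do
        echo "iptables -A FORWARD -i $int_if -s $hp_net -d $net -j LOG --log-prefix 'hp-lan-blocked: '"
        echo "iptables -A FORWARD -i $int_if -s $hp_net -d $net -j DROP"
    done
    # Remaining honeypot traffic may leave via the exposed interface.
    echo "iptables -A FORWARD -i $int_if -o $ext_if -s $hp_net -j ACCEPT"
    # Only replies to honeypot-initiated connections are forwarded back.
    echo "iptables -A FORWARD -i $ext_if -o $int_if -d $hp_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Masquerading NAT for the honeypot's outbound connections.
    echo "iptables -t nat -A POSTROUTING -s $hp_net -o $ext_if -j MASQUERADE"
}

# Stand-alone use: sh rules.sh eth0 eth1 192.168.56.0/24
if [ "$#" -eq 3 ]; then
    honeypot_nat_rules "$@"
fi
```

The script only prints the commands so they can be reviewed before being run as root. Because private ranges are blocked, a honeypot configured to use a resolver on the internal LAN will lose DNS; the `hp-lan-blocked` log lines show any such attempts.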

Any tips for myself? I have set the
first VMware to bridged
second to host only
Cannot seem to ping the bridged network from the host only one.

I am guessing you are using a consumer version of VMWare rather than something like ESXi here by the sounds of it. Unfortunately I am not too familiar with the networking flavours of these versions.

Out of curiosity what is your main goal of doing this from the following list?

  • Run a Honeypot for data acquisition
  • Run a Honeypot for personal interest / fun
  • Develop improvements for HonSSH
  • Not really sure...

This will help me further understand your use case and advise the best scenario. I wouldn't really advise running your own Honeypot unless you have some knowledge as it can be a security death trap if you allow the hacker access to your internal network by accident. Are you running this in a DC, or on a machine at home?

Please let me know your use case and I can probably help advise you better.

Best Regards,

robputt796

How have you managed to connect your VMwares? I only need this configuration, step by step please;
the rest I am confident with.

Kind Regards

tnich commented

Hi,

I'd suggest you read the VMWare manual for the details, but just make it go:

Internet -- vswitch -- HonSSH -- vswitch -- Honeypot

OK, great, thanks

tnich commented

Thanks @robputt796 👍
@clearvision17 Please raise another issue for any issues you have with getting HonSSH running